login vsi company logo login vsi company logo 250x40
  • Home
  • Blog
  • Software Supply Chain Security and The Solarwinds Compromise

Software Supply Chain Security and The Solarwinds Compromise

Login VSI, like many others, is closely following the news surrounding the SolarWinds compromise by malicious foreign state hackers.

Various sources reported that these hackers embedded their malware into an official signed release of SolarWinds code and then used that code to attack enterprise networks on which it was deployed.

Most importantly, the Login VSI suite of products was not at risk or impacted in any way by the SolarWinds compromise.

• Login VSI does not and has not used any version of SolarWinds products on any of our networks
• As a result, neither our company network nor the Login VSI product infrastructure was exposed to this threat actor nor this malicious code in any way.

Of course, we are concerned about this type of attack – as an enterprise, as a software vendor, as a testing platform, and as a product suite used along with security products to ensure their applications' function and performance from the end-user perspective. We have in place a robust set of security controls, automated tests, code reviews, and other checks and balances to reduce the likelihood of any compromise to our software. We enforce all industry-standard security measures (MFA, conditional access, device posture checks) before developers can access source code.

Login VSI products run in the end-user space and should have no more access than the user perspectives they are testing.

We are very confident in the security and integrity of our Login VSI product suite releases. Our customers should retain a high degree of confidence, as well. We are profoundly analyzing the technical details about the SolarWinds compromise and identifying any learning we can do to ensure we are resilient against such attacks today and in the future. We take security very seriously for our enterprise and yours.

Recommended Actions for Login VSI / Login Enterprise customers

There is no immediate action required for any Login VSI product deployment since this attack did not impact our product suite. It is an excellent opportunity to review your Login VSI product deployments, ensure you are current and following best practices, and contact Login VSI support should you have any questions or concerns.

First and foremost, if you have SolarWinds Orion deployed, follow the steps outlined by that vendor to mitigate the issue [2], and look at the Microsoft blog post on this topic [3]. Finally, be sure that your Login VSI software is current and following best practices [1]

[1] Login Enterprise Launcher Best Practices – Login VSI
[2] https://www.solarwinds.com/securityadvisory
[3] https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/

Please look for additional information in our next blog about how a complete testing strategy enables the rapid remediation of significant security issues, like this one.

About the author
Michael Is Login VSI's Chief Technology Officer. He has an extensive background in the technology field and is an experienced Architect and technology manager in Software as a Service with strong thought-leadership.

Ready to maximize your end-user experience?

Start maximizing your end-user experience and make your VDI environments run better and operate smoother.

Start Free Trial   Register for a Live Demo